ISMS Policy

SHIFT ASIA provides high-quality software development, software testing and quality assurance services to clients worldwide. As a company with social responsibility, we recognize that it is critical for our sustainable business growth to implement the Information Security Management System (ISMS) that is designed to ensure adequate and appropriate security controls that maintain Confidentiality, Integrity and Availability of information assets. To address it, we have established the ISMS Policy that includes our basic policy on information security and are committed to making company-wide efforts to avoid any information security risks that may impact our business.

1. Purpose

The ISMS is designed to ensure adequate and appropriate security controls customized to the needs of SHIFT ASIA. This policy specifies the requirements for establishing, implementing, monitoring, reviewing, maintaining, and improving documented ISMS within the context of the overall Business requirements.

2. Scope

The Scope of the ISMS covers all SHIFT ASIA business activities and applies to all assets for the entire SHIFT ASIA, which includes all active SHIFT ASIA offices below:

• Ho Chi Minh Office: 130 Suong Nguyet Anh Street, Ben Thanh Ward, District 1, Ho Chi Minh City;
• Ha Noi Office: Room N04, 4th Floor, Viet Tower Building, No. 01 Thai Ha Street, Trung Liet Ward, Dong Da District, Ha Noi City.

3. Information Security Initiatives

3.1 ISO/IEC 27001:2013 Certification

SHIFT ASIA is committed to protecting its business from any information security risks under any circumstances. As part of this effort, we acquired ISO/IEC 27001:2013 certification for ISMS in September 2021. Having obtained this certification, we will endeavor to further enhance our information security measures, maintain or augment our information security management, and earn additional trust from our customers.

Organization registered

SHIFT ASIA CO., LTD.

Scope of registration

Software development and Software testing

Applicable standard

ISO/IEC 27001:2013

Certification registration number

01 153 2135614

Date of registration

September 28, 2021

Intertec Certification Japan Limited

TÜV Rheinland Cert GmbH

3.2 Risk analysis and risk assessment

We identify and manage the information assets and analyze them in terms of threats and vulnerabilities. The risk to them will be evaluated based on asset value, threat and vulnerabilities. If risk value is high, adequate controls shall be implemented.

3.3 Enhancement of information security

We shall build and implement ISMS that is designed to ensure adequate and appropriate security controls that maintain Confidentiality, Integrity and Availability of information assets to prevent leakage, destruction, and illegal use of all information related to the customers, vendors, management etc. We also provide all staff with proper education and training to maintain and improve the effectiveness of the ISMS.

3.4 Business Continuity Management

We shall establish a contingency plan to secure business continuity, assuming occurrences of a loss of key premises caused by fire or lock down due to Corona virus pandemic, network related issue or a large-scale infection disease etc.

3.5 Evaluation and review of information security measures

We shall review the management and effectiveness of the ISMS on a regular basis for further improvement, while making efforts to identify any incidents.

September 28, 2021
SHIFT ASIA CO., LTD.
CEO Ryusuke Ito